Judge Allows Trial of CFAA Claim Against Wiseguys

While noting that it took seriously the concerns raised by EFF and others in an amicus brief, a federal judge in New Jersey in the case of U.S. v. Lowson yesterday decided to delay a decision on the thorny question of whether the government can use the Ticketmaster website's terms of use to smack ticket resellers with criminal charges. The Court allowed a federal indictment under the Computer Fraud and Abuse Act (CFAA) of online ticket vendors to go to trial in order to develop a more complete factual record.

EFF, along with the Association of Criminal Defense Attorneys of New Jersey, the Center for Democracy and Technology, and several law professors had argued that CFAA liability should not be based on violations of terms of use. US v. Lowson is one of a rash of cases in which a website's terms of use — the long, one-sided, rarely read documents that users must click "agree" to — are being inappropriately used as the basis for criminal prosecution. The court noted:

The Court notes and must take seriously the argument advanced by the defendants, as well as those made by Amici, regarding whether the unauthorized access alleged here amounts to contract-based violations of Ticketmaster's terms of service that are actionable under civil laws.

Because it found the facts to be complicated and in dispute, the Court held that the issues raised by EFF could be best evaluated after trial, which will allow for a more complete presentation of the government's arguments and proof. The court was especially interested in the government's belated claim that liability could be based on proof of circumvention of what the court called "code-based restrictions." EFF did not directly address the "code-based restrictions" issue in its amicus because it was not the focus of the indictment.

EFF will continue to watch the case closely and will continue to weigh in to prevent criminalizing terms of use violations. We will also be watching this case in order to ensure courts carefully consider whether and under what circumstances it is proper to impose criminal penalties for bypassing code-based restrictions as well.

Related Updates

Deputy Attorney General Rod Rosenstein delivered a speech on Tuesday about what he calls “responsible encryption” today. It misses the mark, by far. Rosenstein starts with a fallacy, attempting to convince you that encryption is unprecedented: Our society has never had a system where evidence of criminal wrongdoing was...

EFF, joined by Public Knowledge, filed an amicus brief today asking the Court of Appeals for the Federal Circuit to revisit one of its worst decisions ever. Three years ago this month, in Oracle v. Google, the Federal Circuit held that the Java Application Programming Interfaces...

This year was one of the busiest in recent memory when it comes to cryptography law in the United States and around the world. But for all the Sturm und Drang, surprisingly little actually changed in the U.S. In this post, we’ll run down the list of things that happened...

EFF staffers will spread the online freedom message at 2600 Magazine's biennial Hackers on Planet Earth (HOPE) conference from July 22 to July 24. The Eleventh HOPE will take place at the historic Hotel Pennsylvania in New York and host numerous presentations on such diverse topics as automobile software hacking...

Rhode Island legislators recently decided not to advance a bill that would have made that state’s bad “anti-hacking” law even worse. This is good news. But the struggle continues against other vague and overbroad computer crime laws. As EFF previously explained, this Rhode Island bill was a threat...

We are proud to announce the return of EFF's Badge Hack Pageant at the 24th annual DEF CON hacking conference in Las Vegas. EFF invites all DEF CON attendees to stretch their creative skills by reinventing past conference badges as practical, artful, and over-the-top objects of their choosing. The numerous...

Fort Belvoir, Virginia—The Electronic Frontier Foundation (EFF) asked a U.S. Army Court of Criminal Appeals Wednesday to overturn Chelsea Manning’s conviction for violating the Computer Fraud and Abuse Act (CFAA), arguing that the law is intended to punish people for breaking into computers systems—something Manning didn’t do. Manning...

San Francisco—The Electronic Frontier Foundation (EFF) will urge a federal appeals court Wednesday to reject Facebook’s claims that it’s a crime to workaround an IP address block—an interpretation of the law that could criminalize routine online behavior. EFF Legal Fellow Jamie Williams will participate in oral argument in the case...

At EFF we put security and privacy first. This means working hard at keeping our members and site visitors safe, as well as the people who use the software we develop. We also dedicate staff time to advising security researchers, maintaining resources like our Coders' Rights Project, and ...